Litson & Associates (Pty) Ltd (L&A) and Litson & Associates Risk Management Services (RMS) respect the privacy of all individuals (data subjects) personal information and hereby confirm L&A’s commitment to the protection of such information and advise data subjects about how L&A would use this data.
In accordance with the South African PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013, L&A undertakes to:
- Comply with both the law and good practice
- Respect individuals’ rights
- Retain quality information
- Securely retain the personal information of data subjects
- Be open and transparent with individuals regarding the retention of their personal information
- Provide individuals with a choice as far as reasonably possible about what data is held and how it is used
L&A observes the principle of minimality whereby only relevant personal information is processed only to a degree needed for the stated purpose. All personal information processed is done so with the consent of our clients (data subjects), with this information obtained directly from such clients. The information L&A collects about its clients depends on the specific L&A service that the client subscribes to. The information collected is limited to:
- Home language
- Email address
- Contact number
- Place of work
- Identity number
L&A processes the required personal information of a client to efficiently fulfil the relevant service as required by that client. The information will only be processed for the relevant and the original stated purpose of collection. No information will be given to a third party without the written consent of the owner of such personal information. L&A shall maintain ‘quality’ personal information which is “complete, accurate, not misleading and updated where necessary.”
L&A retains information for the period necessary to accomplish the given task and as legally required for business purposes. L&A will only retain information for the purposes stated in this policy. For legal reference, L&A may retain technical data in the form of audit reports which may include organisational information indefinitely. Personal information shall not be retained for a period beyond that which is deemed necessary to accomplish business requirements.
L&A has implemented measures to ensure that personal information is securely stored and protected. Security measures include safeguarding information against loss, damage, being destroyed and prohibiting access without authorisation. Should there be a breach of data, L&A shall inform the Information Regulator and, if known, the affected persons as soon as possible unless legally prevented from doing so.
L&A endeavours to keep stakeholders updated on our organization by from time to time sending relevant information on our products, services and upcoming training courses. L&A shall provide the option for a data subject to decline the use of their information through documented communication.
Data subjects have the right to request a copy of their personal information held. Data subjects have the right to request that L&A update, correct or delete any personal information which is deemed to be inaccurate. L&A will take reasonable measures to confirm the identity of the data subject in question before amending the personal information held. Data subjects have the right to object in whole or in part to the processing of their data. A data subject who has previously consented to the use of the data may at any time withdraw such consent. In the absence of such requests, L&A accepts that the data subject approves that the data is used as intended.
All of the above requests are to be directed to L&A at email@example.com
Should a data subject believe that L&A is using his/her information unlawfully, the data subject can complain to the Information Regulator by using the following contact details:
The Information Regulator South Africa
JD House, 27 Stiemens Street Braamfontein, Johannesburg, 2001
P.O Box 31533 Braamfontein,Johannesburg, 2017
By the data subject submitting his/her personal information to L&A, it will be considered that the data subject has given L&A permission for the use thereof as necessary and appropriate per this policy statement. Should a data subject not agree with these terms, he/she may choose not to provide any personal information to L&A. Such a decision may impede L&A from providing an effective service as required by the data subject.